A. Arora, Contracting for tacit knowledge: the provision of technical services in technology licensing contracts, Journal of Development Economics, vol.50, issue.2, pp.233-256, 1996.
DOI : 10.1016/S0304-3878(96)00399-9

J. Barthelemy, The hidden costs of IT outsourcing. MIT Sloan management review, pp.60-69, 2001.

R. Bojanc and B. Jerman-bla?i?, An economic modelling approach to information security risk management, International Journal of Information Management, vol.28, issue.5, pp.413-422, 2008.
DOI : 10.1016/j.ijinfomgt.2008.02.002

A. J. Chang and Q. J. Yeh, On security preparations against possible IS threats across industries. Information management & computer security, pp.343-360, 2006.

C. Colwill and A. Gray, Creating an effective security risk model for outsourcing decisions, BT Technology Journal, vol.24, issue.4, pp.79-87, 2007.
DOI : 10.1007/s10550-007-0011-y

G. Dhillon, Organizational competence for harnessing IT: A case study, Information & Management, vol.45, issue.5, pp.297-303, 2008.
DOI : 10.1016/j.im.2008.01.008

J. Dibbern, T. Goles, R. Hirschheim, and B. Jayatilaka, Information systems outsourcing, ACM SIGMIS Database, vol.35, issue.4, pp.6-102, 2004.
DOI : 10.1145/1035233.1035236

M. T. Dlamini, J. H. Eloff, and M. M. Eloff, Information security: The moving target. computers & security, pp.189-198, 2009.
DOI : 10.1016/j.cose.2008.11.007

URL : http://repository.up.ac.za/bitstream/2263/9272/1/Dlamini_Information%282009%29.pdf

M. R. Doomun, Multi???level information system security in outsourcing domain, Business Process Management Journal, vol.14, issue.6, pp.849-857, 2008.
DOI : 10.1108/14637150810916026

M. J. Earl, The risks of outsourcing IT, Sloan Management Review, vol.37, pp.26-32, 1996.

H. Fulford and N. F. Doherty, The application of information security policies in large UK???based organizations: an exploratory investigation, Information Management & Computer Security, vol.11, issue.3, pp.106-114, 2003.
DOI : 10.1108/09685220310480381

T. Goles, The Impact of Client-Vendor Relationship on Outsourcing Success, University of Houston, 2001.

J. C. Henderson and N. Venkatraman, Strategic alignment: leveraging information technology for transforming organisations, IBM Systems Journal, vol.32, issue.1, pp.4-16, 1993.
DOI : 10.1147/sj.1999.5387096

K. M. Kaiser and S. Hawk, Evolution of offshore software development: From outsourcing to cosourcing, MIS Quarterly Executive, vol.3, issue.2, pp.69-81, 2004.

T. Kern, L. P. Willcocks, and M. C. Lacity, Application service provision: Risk assessment and mitigation, MIS Quarterly Executive, vol.1, issue.2, pp.113-126, 2002.
DOI : 10.1057/9780230288034_10

A. M. Khalfan, Information security considerations in IS/IT outsourcing projects: a descriptive case study of two sectors, International Journal of Information Management, vol.24, issue.1, pp.29-42, 2004.
DOI : 10.1016/j.ijinfomgt.2003.12.001

M. C. Lacity and L. P. Willcocks, An Empirical Investigation of Information Technology Sourcing Practices: Lessons from Experience, MIS Quarterly, vol.22, issue.3, pp.363-408, 1998.
DOI : 10.2307/249670

M. C. Lacity, S. Khan, A. Yan, and L. P. Willcocks, A review of the IT outsourcing empirical literature and future research directions, Journal of Information Technology, vol.2, issue.1, pp.395-433, 2010.
DOI : 10.1057/jit.2010.21

N. Levina and J. W. Ross, From the vendor's perspective: exploring the value proposition in information technology outsourcing, pp.331-364, 2003.

J. Livari, The organizational fit of information systems, Information Systems Journal, vol.7, issue.1, pp.3-29, 1992.
DOI : 10.2307/248763

K. D. Loch, H. H. Carr, and M. E. Warkentin, Threats to Information Systems: Today's Reality, Yesterday's Understanding, MIS Quarterly, vol.16, issue.2, pp.173-186, 1992.
DOI : 10.2307/249574

S. M. Miranda and C. B. Kavan, Moments of governance in IS outsourcing: conceptualizing effects of contracts on value capture and creation, Journal of Information Technology, vol.10, issue.1, pp.152-169, 2005.
DOI : 10.1287/orsc.7.5.524

G. Nassimbeni, M. Sartor, and D. Dus, Security risks in service offshoring and outsourcing, Industrial Management & Data Systems, vol.112, issue.3, pp.4-4, 2012.
DOI : 10.1108/02635571211210059

D. V. Nightingale and J. M. Toulouse, Toward a Multilevel Congruence Theory of Organization, Administrative Science Quarterly, vol.22, issue.2, pp.264-280, 1977.
DOI : 10.2307/2391960

P. M. Norman, Protecting knowledge in strategic alliances, The Journal of High Technology Management Research, vol.13, issue.2, pp.177-202, 2002.
DOI : 10.1016/S1047-8310(02)00050-0

C. Okoli and S. D. Pawlowski, The Delphi method as a research tool: an example, design considerations and applications, Information & Management, vol.42, issue.1, pp.15-29, 2004.
DOI : 10.1016/j.im.2003.11.002

K. Osei-bryson and O. K. Ngwenyama, Managing risks in information systems outsourcing: An approach to analyzing outsourcing risks and structuring incentive contracts, European Journal of Operational Research, vol.174, issue.1, pp.245-264, 2006.
DOI : 10.1016/j.ejor.2005.01.060

A. K. Pai and S. Basu, Offshore technology outsourcing: overview of management and legal issues, Business Process Management Journal, vol.13, issue.1, pp.21-46, 2007.
DOI : 10.1108/14637150710721113

S. Posthumus, V. Solms, and R. , A framework for the governance of information security, Computers & Security, vol.23, issue.8, pp.638-646, 2004.
DOI : 10.1016/j.cose.2004.10.006

T. Raghu, Cyber-security policies and legal frameworks governing Business Process and IT Outsourcing arrangements. Paper presented at the Indo-US conference on cyber-security, cyber-crime & cyber forensics, 2009.

S. Sakthivel, Managing risk in offshore systems development, Communications of the ACM, vol.50, issue.4, pp.69-75, 2007.
DOI : 10.1145/1232743.1232750

R. C. Schmidt, Managing Delphi Surveys Using Nonparametric Statistical Techniques, Decision Sciences, vol.10, issue.4, pp.763-774, 1997.
DOI : 10.1016/0378-7206(91)90056-8

J. D. Sterman, N. P. Repenning, and F. Kofman, Unanticipated Side Effects of Successful Quality Programs: Exploring a Paradox of Organizational Improvement, Management Science, vol.43, issue.4, pp.503-521, 1997.
DOI : 10.1287/mnsc.43.4.503

I. Tickle, Data Integrity Assurance in a Layered Security Strategy, Computer Fraud & Security, vol.2002, issue.10, pp.9-13, 2002.
DOI : 10.1016/S1361-3723(02)01011-4

E. Tran and M. Atkinson, Security of personal data across national borders Information management & computer security, pp.237-241, 2002.

N. Venkatraman, Beyond outsourcing: managing IT resources as a value center, Sloan Management Review, vol.38, issue.3, pp.51-64, 1997.

Y. Wei and M. Blake, Service-Oriented Computing and Cloud Computing: Challenges and Opportunities, IEEE Internet Computing, vol.14, issue.6, pp.14-72, 2010.
DOI : 10.1109/MIC.2010.147

L. Willcocks and M. C. Lacity, Relationships in IT Outsourcing: A Stakholder Perspective ," in: Framing the Domains of IT Management, pp.355-384, 2000.

L. Willcocks, J. Hindle, D. Feeny, and M. Lacity, It and Business Process Outsourcing: The Knowledge Potential, Information Systems Management, vol.21, issue.3, pp.7-15, 2004.
DOI : 10.2307/259373

K. Wüllenweber, D. Beimborn, T. Weitzel, and W. König, The Impact of Process Standardization on Business Process Outsourcing Success, Information Systems Frontiers, vol.10, issue.2, pp.211-224, 2008.
DOI : 10.1007/978-3-540-88851-2_23